Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TOCTTOU in usage of access() #539

Open
guijan opened this issue Dec 8, 2023 · 1 comment
Open

TOCTTOU in usage of access() #539

guijan opened this issue Dec 8, 2023 · 1 comment

Comments

@guijan
Copy link
Contributor

guijan commented Dec 8, 2023

https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use

There's no guarantee that the information access() returns is valid after it returns.

This function should be removed and its caller should be reworked to use open():

proxychains-ng/src/common.c

Lines 77 to 81 in d5cc80a

static int check_path(char *path) {
if(!path)
return 0;
return access(path, R_OK) != -1;
}

There's a 2nd usage of access() in the source code, but it's not a bug because there's no way to do what it does with file descriptors:

proxychains-ng/src/main.c

Lines 122 to 129 in d5cc80a

while(dll_dirs[i]) {
snprintf(buf, sizeof(buf), "%s/%s", dll_dirs[i], dll_name);
if(access(buf, R_OK) != -1) {
prefix = dll_dirs[i];
break;
}
i++;
}

@rofl0r
Copy link
Owner

rofl0r commented Dec 8, 2023

i'm aware about TOCTTOU and its implications, but i figure the chances of proxychains.conf disappearing between the check and the usage are too small to be relevant.
in all the years maintaining this program this theoretical issue not once surfaced in a practical issue report.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rofl0r @guijan